In this article:
SecurityScorecard currently considers the following Cert algorithms as weak:
- sha1_ds
- dsawithsha1
- sha1_ecdsa
- ecdsa-with-sha1
- md2withrsaencryption
- md5_rsa
- md2_rsa
- md5withrsaencryption
- sha1withrsaencryption
- shawithrsaencryption
- mdc2withrsa
- sha1_rsa
- sha1withrsa
Note: In the Findings table for the issue type, one column heading is labeled SHA-256 Fingerprint. SHA-256 is not on the list of weak ciphers. This heading represents the unique SHA-256 digest computed from the certificate.